Segmenting your scope
To run an evaluation by using IBM Cloud® Security and Compliance Center, you must target the specific resources that you want to scan by creating a scope. After your scope is created, you can segment your scope into subscopes that can be used to limit access to scan results. To learn more about scopes and best practices, see Best practices.
Only IBM Cloud scopes can be segmented into subscopes.
Before you begin
Before you get started, be sure that you have the following prerequisites.
- The required level of access to create and manage subscopes. To manage subscopes, you must have the Writer service role or higher.
- An existing scope.
Creating a subscope
You can create a subscope by using the Security and Compliance Center UI.
- In the IBM Cloud console, go to the Resource list page and select your instance of Security and Compliance Center.
- In your instance of Security and Compliance Center, go to the Scopes page and select the scope that you want to segment by clicking its name.
- In the Subscopes section of the Details panel that opens, click Manage
- Click Create.
- Provide a name and description for your subscope.
- Select the resources that you want to include in the subscope.
Next, you can create an attachment to start evaluating your resources. Or, you can provide access to the users in your account that need to work with the subscope that you created.